SlideShare a Scribd company logo
1 of 100
Download to read offline
National Volunteering Forum: May18
National Volunteering Forum: May18
National Volunteering Forum: May18
National Volunteering Forum: May18
Coming soon:
a view from the ICO
National Volunteering Forum – 15 May 2018
Richard Sisson, Senior Policy Officer,
Policy & Engagement (Private & Third Sector)
About us …
…and this presentation
25 May
2018
Key points about GDPR
Evolution
Not
Revolution
Focus on
transparency
and control
Accountability
Individual’s rights
!?
Complying with the GDPR….
• Complete compliance the aim
• 25 May is not an end date to compliance
• ICO remains a pragmatic organisation
• However, no grace period
• Follow accountability principle
• Know your lawful basis and be able to justify it
• Be as transparent as you can
Ten days to go:
Fining powers
€20 million or 4% turnover, but:
• ICO wants to promote good practice
• Not going to be issuing fines to punish
organisations
• No guarantees not to fine but look at
mitigation
• Accountability practices
ICO can issue greater fines but this is not our goal.
How to work with the ICO
+ Charity sector page
ICO guidance ICO liaises
with member
bodies on
issues
ICO expanding
– new teams
and processes
Guide to the GDPR
Fundraising and direct marketing
Confusion over use of legitimate interests (LI) and consent
If marketing caught by PECR then you will need consent
- except in certain circumstances
LI can be used for marketing not caught by PECR
- but must do a LI assessment
- and, need for transparency
Issues for the sector 1:
What do volunteers need to do about personal data
-Will depend on how the volunteer is undertaking their role
-If they are not processing personal data as part of their role then it is still useful
for them to know about the legal obligations regarding personal data
-may be useful to know about what the organisation does with personal data for
purposes of transparency
Issues for the sector 2:
Where volunteers do process personal data, they must:
- know the purpose they need the individual’s data
- know their lawful basis
- be transparent
- only collect the personal data that they need to
- have appropriate security in place
Organisation should decide whether individuals need to be processing the data
independently or whether the organisation should process the personal data
National Volunteering Forum: May18
@iconews
Keep in touch
Subscribe to our e-newsletter at www.ico.org.uk
or find us on…
/iconews http://ico.org.uk/livechat
National Volunteering Forum: May18
Q&A
@NCVOvolunteers
#volforum
Open the conversation
@NCVOvolunteers
#volforum
Our
experience
of tackling
an ICO
Enforcement
Notice
Amy Symons
Alzheimer’s Society
Alzheimer’s
Society
21
• 2200 employees
• 6100 volunteers
• Over 2 million Dementia Friends
The new deal on dementia:
• Support
• Society
• Research
Why did we
get an
enforcement
notice? …because we
didn’t listen
22
23
24
What did we
need to fix
the issues?
EN10
25
26
27
28
29
30
Thank you
for listening
Any questions?
Do it with data
GDPR
Damien Austin-Walker
doit.life
Sharing & consent in volunteer brokerage
National Volunteering Forum: May18
Pillars of GDPR
● Transparency - the right to be informed
● Access - the right to access and verify data is processed legally
● Rectification - the right to rectify incorrect or incomplete data
● Erasure - the right to be informed
● Portability - the right to obtain and reuse your personal data
● Objection - the right to object to marketing & profiling
Checkbox catch-up!
National Volunteering Forum: May18
Access sport
Should not for profits learn from the
commercial sector?
So what’s the issue with volunteering?
When you register your interest in a job or
volunteering opportunity, we will forward your
details to the recruiter. If the opportunity is
advertised through a broker, such as a Volunteer
Centre or recruitment agency, your details will be
available to both the broker and the organisation
providing the opportunity in order to take your
application forward.
What is Do it doing?
National Volunteering Forum: May18
Transparency
& consent
National Volunteering Forum: May18
Transparency
& consent
Your personal data vault
The Real Opportunity
Your life, your data
Rise of digital identity
Data can be cryptographically protected so only
the individual can grant access on
a case by case basis.
Additionally it can be decentralised
- either stored across users’
personal devices, or across the
internet on a blockchain.
Blockchain?
What is the future?
doit.life
Q&A
@NCVOvolunteers
#volforum
Open the conversation
@NCVOvolunteers
#volforum
Chris Wade
Director of Engagement
&
Clare Sutton
Learning and Development Officer
‘Equipping Volunteers for their
responsibilities under GDPR’
The MND Association
A different approach
‘Protecting and Respecting
Personal Data’
– creates engagement and a desire to
comply with the regulations
– positive response to this approach
Introducing Ted
Starting the conversation…
Self Assessment
• Each Branch/Group (B&G) member with data responsibilities
asked to complete with support from Regional Volunteer
Development Co-Ordinator
• Almost 60% returned – used to inform training
• Started B&G looking at their practices ahead of learning sessions
Learning Sessions…
‘What do I need to know?’
• National delivery of face-to-face learning
sessions focused on ‘what do I need to know’ -
not weighed down in technical information
• Using real life examples and scenarios
• Able to respond to
questions and concerns
immediately
‘How to’ guides
Challenges…
• National reach of volunteers – 79 active B&G
• Creating opportunities for volunteers to attend
learning sessions
• Pitching the learning sessions at the right level
• The complexities of applying GDPR
• Managing varying attitudes to new regulations
What’s Next…
• More learning events
• Volunteer team able to deliver further sessions
with learning resources
• Webinars for those unable to attend
• Review of B&G practice on-going
Meeting all your data protection and privacy needs
Privacy Statements (Squaring the Circle)
Managing Multiple
Relationships (Who are you to them?)
Gary Shipsey | Managing Director
14th May 2018
15 May 2018
15 May 2018
15 May 2018
“We won’t share your details with other
charities for marketing purposes. If that’s
not OK, please tick the box.”
15 May 2018
“…ought to reasonably have known that data subjects
would be unlikely to infer from those terms that their
person data would be processed for the purposes of
wealth screening”
para 40 BHF / para 47 RSPCA
15 May 2018
…user-centric rather than legalistic
The practical (information) requirements are outlined in
Art. 12 - 14
However, the quality, accessibility and comprehensibility of
the information is as important as the actual content of the
transparency information…”
Article 29 Working Party Guidelines on transparency
15 May 2018
‘Privacy notice’ to describe all the privacy information
you need to make available to people. It must:
• Be more detailed and specific
• Make notices understandable and accessible
• Be audience specific
• Use house-style language still discretion for [you] to
consider where the information…
should be displayed in different
layers of a notice.
15 May 2018
Means of
providing privacy
information
3. engagement with stakeholders in developing and testing your privacy info.;
4. your approach to obtaining consent (where applicable)
5. your approach to collecting personal data via Applications (if applicable);
6. the different ways personal data is collected from each Data Subject Category
7. what potential methods, means and formats you have at your disposal to
deliver the privacy information, and
8. an approach to providing privacy info. throughout the period of processing
1. the language and general accessibility
considerations;
2. how you will approach vulnerable data
subjects (if applicable);
15 May 2018
Means of
providing general
privacy
information
Define how you will provide access to the
privacy information that every Data Subject
should be able to access
- Data Controller
- DPO / DP Lead
- Individual’s rights
- ICO
15 May 2018
Baseline of specific
privacy information
(per Data Subject Category)
Define a "baseline" of specific privacy
information for each Data Subject
Category.
Much of the detail should come from
your Record of Processing Activities
(ROPA).
Maintain a Master Log of “baseline”
privacy information in your Privacy
Information Strategy.
Data Subject Categories
A. Employees
B. Contractors
C. Councillors
D. Applicants
E. Service users
15 May 2018
Means of
providing general
privacy
information
Means of
providing privacy
information
Baseline of specific
privacy information
(per Data Subject Category)
Privacy Information Assessments
Undertaken to define how privacy
information will be provided, in three
situations:
A. Collected directly from an individual -
e.g. via a form; verbally; in person.
B. Come into the organisation from
another source - e.g. a referral from
another organisation; a public source.
C. When existing personal data is to be
used for a new purpose
15 May 2018
The request for consent shall be presented in a manner
which is:
Clearly distinguishable from
other matters
In an intelligible and easily
accessible form
Using clear and plain
language
Consent
15 May 2018
Any freely given,
specific,
informed and
unambiguous indication of [their] wishes…
[either] by a statement or by a clear affirmative action
15 May 2018
not…freely given, if it does not allow separate consent to be given to
different personal data processing operations despite it being appropriate
When the processing has multiple purposes,
consent should be given for all of them.
Specific and informed
…you should provide a separate opt-in for
each…unless you are confident it is
appropriate to bundle them together.
If you want consent for
various different purposes or
types of processing…
People should not be forced
to agree to all or nothing…
…they may want to consent to some
things but not to others.
15 May 2018
Direct
Marketing
“…communication (by whatever means)
…of any advertising or marketing material
…which is directed to particular individuals”.
“All promotional material….including material
promoting the aims [and ideals] of not-for-profit
organisations…
…the direct marketing rules…will apply to the promotional,
campaigning and fundraising activities of [charities / NfPs].
…any messages which include some marketing
elements, even if that is not their main purpose.
15 May 2018
@
SMS+
Consent
Electronic DM
15 May 2018
Screen Vs:
previous
objections + TPS
Legitimate
interests OR
Consent
Legitimate
interests OR
Consent
n/a
15 May 2018
How long does consent last?
PECR:
• consents for
the time being
GB Red Cross
Undertaking
• 2 years
ICO Direct Marketing
• “consent lasts as long as circumstances remain
the same, and will expire if there is a significant
change in circumstances.” para 63.
• “Even if consent is not explicitly withdrawn, it will
become harder to rely on as a genuine indication of
the person’s wishes as time passes.
• ‘for the time being’. We consider this implies a
period of continuity and stability, and that any
significant change in circumstances is likely to
mean that consent comes to an end.” para 99.
Managing Multiple Relationships
(Who are you to them?)
Gary Shipsey | Managing Director
15th May 2018
15 May 2018www.protecture.org.uk
Common sense….?
15 May 2018www.protecture.org.uk
“Common sense is not so common”
Voltaire
15 May 2018www.protecture.org.uk
• Transparency
• Accountability
• Fines
• Compensation
shall be responsible for
and
be able to demonstrate
compliance with
the principles
Greater emphasis
15 May 2018www.protecture.org.uk
A) Accountability
Strategica
Operationalb
Tacticalc
Policy
Standard
Procedures How to achieve
it; steps to
follow
What needs to
be achieved
Risk appetite
and overall
accountability
DPO /
DP
Lead
Public
Regulators
Suppliers
Staff
ICO / Fundraising
Regulator / Charity
Commission
Protecture
Management and Delivery
of Key GDPR Requirements
15 May 2018www.protecture.org.uk
Data
Controller
Data
Processor
Contract
the controller and the
processor shall implement
appropriate technical and
organisational measures…
A) Accountability Management and Delivery
of Key GDPR Requirements
15 May 2018www.protecture.org.uk
Purpose
Lawful
basis
Transparency
 How much to collect
 Who needs to see it
 Who to share it with
 How long to keep it
Processing
activities
Extent to which
people can
use/enforce their
rights
Be fair – to inform
people
“… specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes…
A) Accountability Record of Processing
Activities (ROPA)
15 May 2018www.protecture.org.uk
1. Fundraisers
2. Finance team / HR (incl. volunteers)
3. Support Hubs
4. Recreation Club (gym)
5. Massage therapy
6. Shops
Business Objectives / areas
Data Subject Categories
A. Employees / Volunteers
B. Donors (financial)
C. Service users
D. Customers
A) Accountability Record of Processing
Activities (ROPA)
15 May 2018www.protecture.org.uk
1. Housing
2. Education
3. Justice
4. Health
5. Support & advice
6. Policy & research
7. Finance / HR
8. Fundraising
Business Objectives / areas
Data Subject Categories
A. Employees / Volunteers
B. Donors (financial)
C. Service users
A) Accountability Record of Processing
Activities (ROPA)
15 May 2018
Compliance with Legal
Obligation
Required by UK or EU Law
A public task
Official functions/tasks in
public interest
Vital interests
Protect someone’s life
Contract with the individual
Supply what they want/steps
taken at their request before
entering into a contract
Consent
Legitimate interest*
Your needs unless outweighed
by the harm to the individuals
right's and interests
www.protecture.org.uk
15 May 2018www.protecture.org.uk
Objective:
Ensure all current
technical and
organisational measures
in place are understood
and any key risks
mitigates or accepted
C) Security
15 May 2018www.protecture.org.uk
Taking into account the:
 state of the art
 the costs of implementation
 the nature, scope, context, purposes of processing
 risk of varying likelihood
 severity for the rights and freedoms of natural persons
…the controller and the processor shall implement appropriate technical and
organisational measures to ensure a level of security appropriate to the risk…
C) Security
15 May 2018www.protecture.org.uk
In assessing the appropriate level of security
account shall be taken in particular of the risks that are
presented by processing, in particular from
accidental or unlawful destruction, loss, alteration,
unauthorised disclosure of, or access to personal data
transmitted, stored or otherwise processed …
C) Security
Q&A
@NCVOvolunteers
#volforum
National Volunteering Forum: May18
National Volunteering Forum: May18
National Volunteering Forum: May18
National Volunteering Forum: May18
National Volunteering Forum: May18
FURTHER INFORMATION
Practical support
https://www.ncvo.org.uk/practical-support/volunteering
http://knowhownonprofit.org/
Data and research
http://data.ncvo.org.uk/
https://www.ncvo.org.uk/institute-for-volunteering-research
Investing in Volunteers
http://iiv.investinginvolunteers.org.uk/
Become a member
https://www.ncvo.org.uk/about-us/join-ncvo
99
GET IN TOUCH
@NCVOvolunteers
volunteering@ncvo.org.uk
100

More Related Content

What's hot

Five Considerations for Blockchain Applied to Data Privacy & GDPR
Five Considerations for Blockchain Applied to Data Privacy & GDPRFive Considerations for Blockchain Applied to Data Privacy & GDPR
Five Considerations for Blockchain Applied to Data Privacy & GDPRDivyaConsagous
 
Info qiy foundation digital me - dappre-eng-jan18
Info qiy foundation   digital me - dappre-eng-jan18Info qiy foundation   digital me - dappre-eng-jan18
Info qiy foundation digital me - dappre-eng-jan18webwinkelvakdag
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
How To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity CrisisHow To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity Crisiswieringa
 
Innovations, ideas and insights at linfinity thailand roundtable
Innovations, ideas and insights at linfinity thailand roundtableInnovations, ideas and insights at linfinity thailand roundtable
Innovations, ideas and insights at linfinity thailand roundtableAbbyDeng3
 
DeFi Beyond the Hype
DeFi Beyond the HypeDeFi Beyond the Hype
DeFi Beyond the HypeHarsha MV
 
BigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights AutomationBigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights AutomationBigID Inc
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data PrivacyPriyanka Aash
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Inc
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Inc
 
GDPR and Blockchain
GDPR and BlockchainGDPR and Blockchain
GDPR and BlockchainSalman Baset
 
GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.Salman Baset
 
Robotic Alms: AI and the future of charitable giving
Robotic Alms:  AI and the future of charitable givingRobotic Alms:  AI and the future of charitable giving
Robotic Alms: AI and the future of charitable givingrhoddavies1
 
BigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access IntelligenceBigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access IntelligenceBigID Inc
 

What's hot (20)

Five Considerations for Blockchain Applied to Data Privacy & GDPR
Five Considerations for Blockchain Applied to Data Privacy & GDPRFive Considerations for Blockchain Applied to Data Privacy & GDPR
Five Considerations for Blockchain Applied to Data Privacy & GDPR
 
Info qiy foundation digital me - dappre-eng-jan18
Info qiy foundation   digital me - dappre-eng-jan18Info qiy foundation   digital me - dappre-eng-jan18
Info qiy foundation digital me - dappre-eng-jan18
 
Trust Frameworks Explained
Trust Frameworks ExplainedTrust Frameworks Explained
Trust Frameworks Explained
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to Compliance
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016
 
180926 ihan webinar 2
180926 ihan webinar 2180926 ihan webinar 2
180926 ihan webinar 2
 
How To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity CrisisHow To Prevent The World Wild Web Identity Crisis
How To Prevent The World Wild Web Identity Crisis
 
Innovations, ideas and insights at linfinity thailand roundtable
Innovations, ideas and insights at linfinity thailand roundtableInnovations, ideas and insights at linfinity thailand roundtable
Innovations, ideas and insights at linfinity thailand roundtable
 
DeFi Beyond the Hype
DeFi Beyond the HypeDeFi Beyond the Hype
DeFi Beyond the Hype
 
Blockchain in HR
Blockchain in HRBlockchain in HR
Blockchain in HR
 
BigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights AutomationBigID Datasheet: CCPA Data Rights Automation
BigID Datasheet: CCPA Data Rights Automation
 
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy(SACON) Shivangi Nadkarni & Sandeep Rao -  An introduction to Data Privacy
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance Automated
 
HR Blockchain User Experience
HR Blockchain User ExperienceHR Blockchain User Experience
HR Blockchain User Experience
 
BigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & OrchestrationBigID Data sheet: Consent Governance & Orchestration
BigID Data sheet: Consent Governance & Orchestration
 
GDPR and Blockchain
GDPR and BlockchainGDPR and Blockchain
GDPR and Blockchain
 
GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.
 
Robotic Alms: AI and the future of charitable giving
Robotic Alms:  AI and the future of charitable givingRobotic Alms:  AI and the future of charitable giving
Robotic Alms: AI and the future of charitable giving
 
BigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access IntelligenceBigID DataSheet: Data Access Intelligence
BigID DataSheet: Data Access Intelligence
 

Similar to National Volunteering Forum: May18

UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesStephen Denning
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
 
Legal Issues For Online Communities - David Deakin
Legal Issues For Online Communities - David DeakinLegal Issues For Online Communities - David Deakin
Legal Issues For Online Communities - David DeakinFeverBee Limited
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationcaniceconsulting
 
Noggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal DataNoggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal DataNoggin Asia
 
Scotland legal update 25 sept
Scotland legal update   25 septScotland legal update   25 sept
Scotland legal update 25 septRachel Aldighieri
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issuesJagdeepSingh394
 
Why the new data laws are good for UX
Why the new data laws are good for UXWhy the new data laws are good for UX
Why the new data laws are good for UXjreay
 
Techniques For Privacy Preserving Data Mining Essay
Techniques For Privacy Preserving Data Mining EssayTechniques For Privacy Preserving Data Mining Essay
Techniques For Privacy Preserving Data Mining EssayMelissa Moore
 
Big Data And Information Privacy
Big Data And Information PrivacyBig Data And Information Privacy
Big Data And Information PrivacySandra Willey
 
New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18
New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18
New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18Inga Romanoff
 
Digital Transformation Business Evolution
Digital Transformation Business Evolution Digital Transformation Business Evolution
Digital Transformation Business Evolution Digital Catapult
 
UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...
UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...
UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...MicheleNati
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event   11 march 2015 - recordPersonal Data and Trust Network inaugural Event   11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordDigital Catapult
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
Building Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlBuilding Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlMicheleNati
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc
 
Information Privacy Principles
Information Privacy PrinciplesInformation Privacy Principles
Information Privacy PrinciplesPeggy Johnson
 
Predictable Revenue with the GDPR
Predictable Revenue with the GDPRPredictable Revenue with the GDPR
Predictable Revenue with the GDPRDaniel Barber
 

Similar to National Volunteering Forum: May18 (20)

UX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital ExperiencesUX & GDPR - Building Customer Trust with your Digital Experiences
UX & GDPR - Building Customer Trust with your Digital Experiences
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
 
Legal Issues For Online Communities - David Deakin
Legal Issues For Online Communities - David DeakinLegal Issues For Online Communities - David Deakin
Legal Issues For Online Communities - David Deakin
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
 
Noggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal DataNoggin - World's first marketplace for Personal Data
Noggin - World's first marketplace for Personal Data
 
Scotland legal update 25 sept
Scotland legal update   25 septScotland legal update   25 sept
Scotland legal update 25 sept
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
Privacy Needs to be Personal
Privacy Needs to be PersonalPrivacy Needs to be Personal
Privacy Needs to be Personal
 
Why the new data laws are good for UX
Why the new data laws are good for UXWhy the new data laws are good for UX
Why the new data laws are good for UX
 
Techniques For Privacy Preserving Data Mining Essay
Techniques For Privacy Preserving Data Mining EssayTechniques For Privacy Preserving Data Mining Essay
Techniques For Privacy Preserving Data Mining Essay
 
Big Data And Information Privacy
Big Data And Information PrivacyBig Data And Information Privacy
Big Data And Information Privacy
 
New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18
New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18
New York Marketo User Group Meetup: GDPR for Marketers - DECODED 6.15.18
 
Digital Transformation Business Evolution
Digital Transformation Business Evolution Digital Transformation Business Evolution
Digital Transformation Business Evolution
 
UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...
UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...
UNICOM Conference on Digital Transformation - The Trust Framework Initiative ...
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event   11 march 2015 - recordPersonal Data and Trust Network inaugural Event   11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - record
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc Michaels
 
Building Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and controlBuilding Consumers Trust: The role of transparency and control
Building Consumers Trust: The role of transparency and control
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
 
Information Privacy Principles
Information Privacy PrinciplesInformation Privacy Principles
Information Privacy Principles
 
Predictable Revenue with the GDPR
Predictable Revenue with the GDPRPredictable Revenue with the GDPR
Predictable Revenue with the GDPR
 

More from NCVO - National Council for Voluntary Organisations

More from NCVO - National Council for Voluntary Organisations (20)

AGM 2022: Vision for Volunteering
AGM 2022: Vision for VolunteeringAGM 2022: Vision for Volunteering
AGM 2022: Vision for Volunteering
 
AGM 2022: Building networks
AGM 2022: Building networksAGM 2022: Building networks
AGM 2022: Building networks
 
AGM 2022: Membership
AGM 2022: MembershipAGM 2022: Membership
AGM 2022: Membership
 
AGM 2022: Time Well Spent
AGM 2022: Time Well SpentAGM 2022: Time Well Spent
AGM 2022: Time Well Spent
 
AGM 2022: Undertaking a governace review
AGM 2022: Undertaking a governace reviewAGM 2022: Undertaking a governace review
AGM 2022: Undertaking a governace review
 
National Volunteering Forum: Engaging volunteers and paid staff
National Volunteering Forum: Engaging volunteers and paid staffNational Volunteering Forum: Engaging volunteers and paid staff
National Volunteering Forum: Engaging volunteers and paid staff
 
Improving organisational resilience: What trustees need to consider
Improving organisational resilience: What trustees need to considerImproving organisational resilience: What trustees need to consider
Improving organisational resilience: What trustees need to consider
 
NCVO webinar: An update on changes to the Charity Governance Code
NCVO webinar: An update on changes to the Charity Governance CodeNCVO webinar: An update on changes to the Charity Governance Code
NCVO webinar: An update on changes to the Charity Governance Code
 
Undertaking a governance effectiveness review
Undertaking a governance effectiveness reviewUndertaking a governance effectiveness review
Undertaking a governance effectiveness review
 
NCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentialsNCVO/Zurich webinar: Beyond cyber essentials
NCVO/Zurich webinar: Beyond cyber essentials
 
NCVO/Zurich webinar: Safeguarding through covid-19 and beyond
NCVO/Zurich webinar: Safeguarding through covid-19 and beyondNCVO/Zurich webinar: Safeguarding through covid-19 and beyond
NCVO/Zurich webinar: Safeguarding through covid-19 and beyond
 
Decision making in a crisis: Collaboration and merger
Decision making in a crisis: Collaboration and mergerDecision making in a crisis: Collaboration and merger
Decision making in a crisis: Collaboration and merger
 
Easing of lockdown practical considerations for managing and support staff
Easing of lockdown practical considerations for managing and support staffEasing of lockdown practical considerations for managing and support staff
Easing of lockdown practical considerations for managing and support staff
 
How to manage operational change in a time of uncertainty
How to manage operational change in a time of uncertaintyHow to manage operational change in a time of uncertainty
How to manage operational change in a time of uncertainty
 
Easing of lockdown – practical considerations for managing and supporting staff
Easing of lockdown – practical considerations for managing and supporting staffEasing of lockdown – practical considerations for managing and supporting staff
Easing of lockdown – practical considerations for managing and supporting staff
 
NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...
NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...
NCVO webinar: Volunteering in a pandemic: Lessons from volunteering organisat...
 
NCVO webinar: UK Civil Society Almanac 2020: What the latest data tells us
NCVO webinar: UK Civil Society Almanac 2020: What the latest data tells usNCVO webinar: UK Civil Society Almanac 2020: What the latest data tells us
NCVO webinar: UK Civil Society Almanac 2020: What the latest data tells us
 
NCVO Webinar: Legal and practical considerations for returning to work
NCVO Webinar: Legal and practical considerations for returning to workNCVO Webinar: Legal and practical considerations for returning to work
NCVO Webinar: Legal and practical considerations for returning to work
 
NCVO Webinar: Board Leadership: Supporting your charity through the next phas...
NCVO Webinar: Board Leadership: Supporting your charity through the next phas...NCVO Webinar: Board Leadership: Supporting your charity through the next phas...
NCVO Webinar: Board Leadership: Supporting your charity through the next phas...
 
NCVO/CFG Webinar: Financial management and accessing government funding combi...
NCVO/CFG Webinar: Financial management and accessing government funding combi...NCVO/CFG Webinar: Financial management and accessing government funding combi...
NCVO/CFG Webinar: Financial management and accessing government funding combi...
 

Recently uploaded

CBO’s Work on Health Care and a Call for New Research
CBO’s Work on Health Care and a Call for New ResearchCBO’s Work on Health Care and a Call for New Research
CBO’s Work on Health Care and a Call for New ResearchCongressional Budget Office
 
Water for Prosperity and peace - United Nations World Water Development Repo...
Water for Prosperity and peace -  United Nations World Water Development Repo...Water for Prosperity and peace -  United Nations World Water Development Repo...
Water for Prosperity and peace - United Nations World Water Development Repo...Christina Parmionova
 
Leveraging Water for Peace - World Water Day 2024
Leveraging Water for Peace - World Water Day 2024Leveraging Water for Peace - World Water Day 2024
Leveraging Water for Peace - World Water Day 2024Christina Parmionova
 
Parents can give charity ideas for kids.
Parents can give charity ideas for kids.Parents can give charity ideas for kids.
Parents can give charity ideas for kids.SERUDS INDIA
 
Item # 4 - Appointment of new PW Director
Item # 4 - Appointment of new PW DirectorItem # 4 - Appointment of new PW Director
Item # 4 - Appointment of new PW Directorahcitycouncil
 
2024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 172024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 17JSchaus & Associates
 
Water can create peace or spark conflict.
Water can create peace or spark conflict.Water can create peace or spark conflict.
Water can create peace or spark conflict.Christina Parmionova
 
Millions of Homeless Children in kurnool
Millions of Homeless Children in kurnoolMillions of Homeless Children in kurnool
Millions of Homeless Children in kurnoolSERUDS INDIA
 
Item # 1a - March 18, 2024 Special CCM Minutes
Item # 1a - March 18, 2024 Special CCM MinutesItem # 1a - March 18, 2024 Special CCM Minutes
Item # 1a - March 18, 2024 Special CCM Minutesahcitycouncil
 
PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.ahcitycouncil
 
World Happiness Report 2024- Full Report
World Happiness Report 2024- Full ReportWorld Happiness Report 2024- Full Report
World Happiness Report 2024- Full ReportEnergy for One World
 
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS: relato de expe...
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS:  relato de expe...O Conselho Estadual de Cultura e o Incentivo à Cultura no RS:  relato de expe...
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS: relato de expe...Alvaro Santi
 
Yes!? We can end TB - World Tuberculosis Day 2024.
Yes!? We can end TB - World Tuberculosis Day 2024.Yes!? We can end TB - World Tuberculosis Day 2024.
Yes!? We can end TB - World Tuberculosis Day 2024.Christina Parmionova
 
DB9_BTR_Webinar_Slidedeck_20230320 (1).pptx
DB9_BTR_Webinar_Slidedeck_20230320 (1).pptxDB9_BTR_Webinar_Slidedeck_20230320 (1).pptx
DB9_BTR_Webinar_Slidedeck_20230320 (1).pptxNAP Global Network
 
What is Politics by Andrew Heywood - Introduction to Politics
What is Politics by Andrew Heywood - Introduction to PoliticsWhat is Politics by Andrew Heywood - Introduction to Politics
What is Politics by Andrew Heywood - Introduction to Politicsabisamharim
 
War in Ukraine and problematics of the Ukrainian refugees in USA
War in Ukraine and problematics of the Ukrainian refugees in USAWar in Ukraine and problematics of the Ukrainian refugees in USA
War in Ukraine and problematics of the Ukrainian refugees in USAival6
 
Water and peace go hand-in hand. World Water Day 2024
Water and peace go hand-in hand. World Water Day 2024Water and peace go hand-in hand. World Water Day 2024
Water and peace go hand-in hand. World Water Day 2024Christina Parmionova
 
Parents give a charity ideas for children
Parents give a charity ideas for childrenParents give a charity ideas for children
Parents give a charity ideas for childrenSERUDS INDIA
 
Hub Design Inspiration Graphics for inspiration
Hub Design Inspiration Graphics for inspirationHub Design Inspiration Graphics for inspiration
Hub Design Inspiration Graphics for inspirationStephen Abram
 
india sanitation coalition Swachata Abhiyan ​.pdf
india sanitation coalition Swachata Abhiyan ​.pdfindia sanitation coalition Swachata Abhiyan ​.pdf
india sanitation coalition Swachata Abhiyan ​.pdfcoalitionindiasanita
 

Recently uploaded (20)

CBO’s Work on Health Care and a Call for New Research
CBO’s Work on Health Care and a Call for New ResearchCBO’s Work on Health Care and a Call for New Research
CBO’s Work on Health Care and a Call for New Research
 
Water for Prosperity and peace - United Nations World Water Development Repo...
Water for Prosperity and peace -  United Nations World Water Development Repo...Water for Prosperity and peace -  United Nations World Water Development Repo...
Water for Prosperity and peace - United Nations World Water Development Repo...
 
Leveraging Water for Peace - World Water Day 2024
Leveraging Water for Peace - World Water Day 2024Leveraging Water for Peace - World Water Day 2024
Leveraging Water for Peace - World Water Day 2024
 
Parents can give charity ideas for kids.
Parents can give charity ideas for kids.Parents can give charity ideas for kids.
Parents can give charity ideas for kids.
 
Item # 4 - Appointment of new PW Director
Item # 4 - Appointment of new PW DirectorItem # 4 - Appointment of new PW Director
Item # 4 - Appointment of new PW Director
 
2024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 172024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 17
 
Water can create peace or spark conflict.
Water can create peace or spark conflict.Water can create peace or spark conflict.
Water can create peace or spark conflict.
 
Millions of Homeless Children in kurnool
Millions of Homeless Children in kurnoolMillions of Homeless Children in kurnool
Millions of Homeless Children in kurnool
 
Item # 1a - March 18, 2024 Special CCM Minutes
Item # 1a - March 18, 2024 Special CCM MinutesItem # 1a - March 18, 2024 Special CCM Minutes
Item # 1a - March 18, 2024 Special CCM Minutes
 
PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.
 
World Happiness Report 2024- Full Report
World Happiness Report 2024- Full ReportWorld Happiness Report 2024- Full Report
World Happiness Report 2024- Full Report
 
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS: relato de expe...
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS:  relato de expe...O Conselho Estadual de Cultura e o Incentivo à Cultura no RS:  relato de expe...
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS: relato de expe...
 
Yes!? We can end TB - World Tuberculosis Day 2024.
Yes!? We can end TB - World Tuberculosis Day 2024.Yes!? We can end TB - World Tuberculosis Day 2024.
Yes!? We can end TB - World Tuberculosis Day 2024.
 
DB9_BTR_Webinar_Slidedeck_20230320 (1).pptx
DB9_BTR_Webinar_Slidedeck_20230320 (1).pptxDB9_BTR_Webinar_Slidedeck_20230320 (1).pptx
DB9_BTR_Webinar_Slidedeck_20230320 (1).pptx
 
What is Politics by Andrew Heywood - Introduction to Politics
What is Politics by Andrew Heywood - Introduction to PoliticsWhat is Politics by Andrew Heywood - Introduction to Politics
What is Politics by Andrew Heywood - Introduction to Politics
 
War in Ukraine and problematics of the Ukrainian refugees in USA
War in Ukraine and problematics of the Ukrainian refugees in USAWar in Ukraine and problematics of the Ukrainian refugees in USA
War in Ukraine and problematics of the Ukrainian refugees in USA
 
Water and peace go hand-in hand. World Water Day 2024
Water and peace go hand-in hand. World Water Day 2024Water and peace go hand-in hand. World Water Day 2024
Water and peace go hand-in hand. World Water Day 2024
 
Parents give a charity ideas for children
Parents give a charity ideas for childrenParents give a charity ideas for children
Parents give a charity ideas for children
 
Hub Design Inspiration Graphics for inspiration
Hub Design Inspiration Graphics for inspirationHub Design Inspiration Graphics for inspiration
Hub Design Inspiration Graphics for inspiration
 
india sanitation coalition Swachata Abhiyan ​.pdf
india sanitation coalition Swachata Abhiyan ​.pdfindia sanitation coalition Swachata Abhiyan ​.pdf
india sanitation coalition Swachata Abhiyan ​.pdf
 

National Volunteering Forum: May18

  • 5. Coming soon: a view from the ICO National Volunteering Forum – 15 May 2018 Richard Sisson, Senior Policy Officer, Policy & Engagement (Private & Third Sector)
  • 6. About us … …and this presentation 25 May 2018
  • 7. Key points about GDPR Evolution Not Revolution Focus on transparency and control Accountability Individual’s rights
  • 8. !? Complying with the GDPR…. • Complete compliance the aim • 25 May is not an end date to compliance • ICO remains a pragmatic organisation • However, no grace period • Follow accountability principle • Know your lawful basis and be able to justify it • Be as transparent as you can Ten days to go:
  • 9. Fining powers €20 million or 4% turnover, but: • ICO wants to promote good practice • Not going to be issuing fines to punish organisations • No guarantees not to fine but look at mitigation • Accountability practices ICO can issue greater fines but this is not our goal.
  • 10. How to work with the ICO + Charity sector page ICO guidance ICO liaises with member bodies on issues ICO expanding – new teams and processes
  • 11. Guide to the GDPR
  • 12. Fundraising and direct marketing Confusion over use of legitimate interests (LI) and consent If marketing caught by PECR then you will need consent - except in certain circumstances LI can be used for marketing not caught by PECR - but must do a LI assessment - and, need for transparency
  • 13. Issues for the sector 1: What do volunteers need to do about personal data -Will depend on how the volunteer is undertaking their role -If they are not processing personal data as part of their role then it is still useful for them to know about the legal obligations regarding personal data -may be useful to know about what the organisation does with personal data for purposes of transparency
  • 14. Issues for the sector 2: Where volunteers do process personal data, they must: - know the purpose they need the individual’s data - know their lawful basis - be transparent - only collect the personal data that they need to - have appropriate security in place Organisation should decide whether individuals need to be processing the data independently or whether the organisation should process the personal data
  • 16. @iconews Keep in touch Subscribe to our e-newsletter at www.ico.org.uk or find us on… /iconews http://ico.org.uk/livechat
  • 21. Alzheimer’s Society Alzheimer’s Society 21 • 2200 employees • 6100 volunteers • Over 2 million Dementia Friends The new deal on dementia: • Support • Society • Research
  • 22. Why did we get an enforcement notice? …because we didn’t listen 22
  • 23. 23
  • 24. 24
  • 25. What did we need to fix the issues? EN10 25
  • 26. 26
  • 27. 27
  • 28. 28
  • 29. 29
  • 30. 30
  • 32. Do it with data GDPR Damien Austin-Walker doit.life Sharing & consent in volunteer brokerage
  • 34. Pillars of GDPR ● Transparency - the right to be informed ● Access - the right to access and verify data is processed legally ● Rectification - the right to rectify incorrect or incomplete data ● Erasure - the right to be informed ● Portability - the right to obtain and reuse your personal data ● Objection - the right to object to marketing & profiling
  • 38. Should not for profits learn from the commercial sector?
  • 39. So what’s the issue with volunteering?
  • 40. When you register your interest in a job or volunteering opportunity, we will forward your details to the recruiter. If the opportunity is advertised through a broker, such as a Volunteer Centre or recruitment agency, your details will be available to both the broker and the organisation providing the opportunity in order to take your application forward. What is Do it doing?
  • 48. Rise of digital identity Data can be cryptographically protected so only the individual can grant access on a case by case basis. Additionally it can be decentralised - either stored across users’ personal devices, or across the internet on a blockchain.
  • 50. What is the future?
  • 54. Chris Wade Director of Engagement & Clare Sutton Learning and Development Officer ‘Equipping Volunteers for their responsibilities under GDPR’
  • 56. A different approach ‘Protecting and Respecting Personal Data’ – creates engagement and a desire to comply with the regulations – positive response to this approach
  • 58. Starting the conversation… Self Assessment • Each Branch/Group (B&G) member with data responsibilities asked to complete with support from Regional Volunteer Development Co-Ordinator • Almost 60% returned – used to inform training • Started B&G looking at their practices ahead of learning sessions
  • 59. Learning Sessions… ‘What do I need to know?’ • National delivery of face-to-face learning sessions focused on ‘what do I need to know’ - not weighed down in technical information • Using real life examples and scenarios • Able to respond to questions and concerns immediately
  • 61. Challenges… • National reach of volunteers – 79 active B&G • Creating opportunities for volunteers to attend learning sessions • Pitching the learning sessions at the right level • The complexities of applying GDPR • Managing varying attitudes to new regulations
  • 62. What’s Next… • More learning events • Volunteer team able to deliver further sessions with learning resources • Webinars for those unable to attend • Review of B&G practice on-going
  • 63. Meeting all your data protection and privacy needs
  • 64. Privacy Statements (Squaring the Circle) Managing Multiple Relationships (Who are you to them?) Gary Shipsey | Managing Director 14th May 2018 15 May 2018
  • 66. 15 May 2018 “We won’t share your details with other charities for marketing purposes. If that’s not OK, please tick the box.”
  • 67. 15 May 2018 “…ought to reasonably have known that data subjects would be unlikely to infer from those terms that their person data would be processed for the purposes of wealth screening” para 40 BHF / para 47 RSPCA
  • 68. 15 May 2018 …user-centric rather than legalistic The practical (information) requirements are outlined in Art. 12 - 14 However, the quality, accessibility and comprehensibility of the information is as important as the actual content of the transparency information…” Article 29 Working Party Guidelines on transparency
  • 69. 15 May 2018 ‘Privacy notice’ to describe all the privacy information you need to make available to people. It must: • Be more detailed and specific • Make notices understandable and accessible • Be audience specific • Use house-style language still discretion for [you] to consider where the information… should be displayed in different layers of a notice.
  • 70. 15 May 2018 Means of providing privacy information 3. engagement with stakeholders in developing and testing your privacy info.; 4. your approach to obtaining consent (where applicable) 5. your approach to collecting personal data via Applications (if applicable); 6. the different ways personal data is collected from each Data Subject Category 7. what potential methods, means and formats you have at your disposal to deliver the privacy information, and 8. an approach to providing privacy info. throughout the period of processing 1. the language and general accessibility considerations; 2. how you will approach vulnerable data subjects (if applicable);
  • 71. 15 May 2018 Means of providing general privacy information Define how you will provide access to the privacy information that every Data Subject should be able to access - Data Controller - DPO / DP Lead - Individual’s rights - ICO
  • 72. 15 May 2018 Baseline of specific privacy information (per Data Subject Category) Define a "baseline" of specific privacy information for each Data Subject Category. Much of the detail should come from your Record of Processing Activities (ROPA). Maintain a Master Log of “baseline” privacy information in your Privacy Information Strategy. Data Subject Categories A. Employees B. Contractors C. Councillors D. Applicants E. Service users
  • 73. 15 May 2018 Means of providing general privacy information Means of providing privacy information Baseline of specific privacy information (per Data Subject Category) Privacy Information Assessments Undertaken to define how privacy information will be provided, in three situations: A. Collected directly from an individual - e.g. via a form; verbally; in person. B. Come into the organisation from another source - e.g. a referral from another organisation; a public source. C. When existing personal data is to be used for a new purpose
  • 74. 15 May 2018 The request for consent shall be presented in a manner which is: Clearly distinguishable from other matters In an intelligible and easily accessible form Using clear and plain language
  • 75. Consent 15 May 2018 Any freely given, specific, informed and unambiguous indication of [their] wishes… [either] by a statement or by a clear affirmative action
  • 76. 15 May 2018 not…freely given, if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate When the processing has multiple purposes, consent should be given for all of them. Specific and informed …you should provide a separate opt-in for each…unless you are confident it is appropriate to bundle them together. If you want consent for various different purposes or types of processing… People should not be forced to agree to all or nothing… …they may want to consent to some things but not to others.
  • 77. 15 May 2018 Direct Marketing “…communication (by whatever means) …of any advertising or marketing material …which is directed to particular individuals”. “All promotional material….including material promoting the aims [and ideals] of not-for-profit organisations… …the direct marketing rules…will apply to the promotional, campaigning and fundraising activities of [charities / NfPs]. …any messages which include some marketing elements, even if that is not their main purpose.
  • 79. 15 May 2018 Screen Vs: previous objections + TPS Legitimate interests OR Consent Legitimate interests OR Consent n/a
  • 80. 15 May 2018 How long does consent last? PECR: • consents for the time being GB Red Cross Undertaking • 2 years ICO Direct Marketing • “consent lasts as long as circumstances remain the same, and will expire if there is a significant change in circumstances.” para 63. • “Even if consent is not explicitly withdrawn, it will become harder to rely on as a genuine indication of the person’s wishes as time passes. • ‘for the time being’. We consider this implies a period of continuity and stability, and that any significant change in circumstances is likely to mean that consent comes to an end.” para 99.
  • 81. Managing Multiple Relationships (Who are you to them?) Gary Shipsey | Managing Director 15th May 2018 15 May 2018www.protecture.org.uk
  • 82. Common sense….? 15 May 2018www.protecture.org.uk “Common sense is not so common” Voltaire
  • 83. 15 May 2018www.protecture.org.uk • Transparency • Accountability • Fines • Compensation shall be responsible for and be able to demonstrate compliance with the principles Greater emphasis
  • 84. 15 May 2018www.protecture.org.uk A) Accountability Strategica Operationalb Tacticalc Policy Standard Procedures How to achieve it; steps to follow What needs to be achieved Risk appetite and overall accountability DPO / DP Lead Public Regulators Suppliers Staff ICO / Fundraising Regulator / Charity Commission Protecture Management and Delivery of Key GDPR Requirements
  • 85. 15 May 2018www.protecture.org.uk Data Controller Data Processor Contract the controller and the processor shall implement appropriate technical and organisational measures… A) Accountability Management and Delivery of Key GDPR Requirements
  • 86. 15 May 2018www.protecture.org.uk Purpose Lawful basis Transparency  How much to collect  Who needs to see it  Who to share it with  How long to keep it Processing activities Extent to which people can use/enforce their rights Be fair – to inform people “… specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes… A) Accountability Record of Processing Activities (ROPA)
  • 87. 15 May 2018www.protecture.org.uk 1. Fundraisers 2. Finance team / HR (incl. volunteers) 3. Support Hubs 4. Recreation Club (gym) 5. Massage therapy 6. Shops Business Objectives / areas Data Subject Categories A. Employees / Volunteers B. Donors (financial) C. Service users D. Customers A) Accountability Record of Processing Activities (ROPA)
  • 88. 15 May 2018www.protecture.org.uk 1. Housing 2. Education 3. Justice 4. Health 5. Support & advice 6. Policy & research 7. Finance / HR 8. Fundraising Business Objectives / areas Data Subject Categories A. Employees / Volunteers B. Donors (financial) C. Service users A) Accountability Record of Processing Activities (ROPA)
  • 89. 15 May 2018 Compliance with Legal Obligation Required by UK or EU Law A public task Official functions/tasks in public interest Vital interests Protect someone’s life Contract with the individual Supply what they want/steps taken at their request before entering into a contract Consent Legitimate interest* Your needs unless outweighed by the harm to the individuals right's and interests www.protecture.org.uk
  • 90. 15 May 2018www.protecture.org.uk Objective: Ensure all current technical and organisational measures in place are understood and any key risks mitigates or accepted C) Security
  • 91. 15 May 2018www.protecture.org.uk Taking into account the:  state of the art  the costs of implementation  the nature, scope, context, purposes of processing  risk of varying likelihood  severity for the rights and freedoms of natural persons …the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk… C) Security
  • 92. 15 May 2018www.protecture.org.uk In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed … C) Security
  • 99. FURTHER INFORMATION Practical support https://www.ncvo.org.uk/practical-support/volunteering http://knowhownonprofit.org/ Data and research http://data.ncvo.org.uk/ https://www.ncvo.org.uk/institute-for-volunteering-research Investing in Volunteers http://iiv.investinginvolunteers.org.uk/ Become a member https://www.ncvo.org.uk/about-us/join-ncvo 99